Not 'Going Dark': 15 Out Of 15 Most Recent EU Terrorists Were Known To The Authorities In Multiple Ways

from the sure,-mass-surveillance-doesn't-work,-but-think-of-the-money-we-are-saving dept

Important information about recent terrorist attacks in Europe continues to emerge. Here's the latest news from Brussels, as reported by the Guardian:

Plans and photographs of the home and office of Belgium's prime minister, Charles Michel, have been found on a computer abandoned near a terrorist hideout in Brussels, according to Belgian sources.

The laptop was found in a bin near a flat in the Schaerbeek district that had been a makeshift bomb factory for the terrorists who killed 32 people and injured at least 340 in last week's suicide bombings at Brussels airport and the city metro.

Not unnaturally, perhaps, most commentary has been about the fact that Belgium's prime minister was apparently being considered as a target. But there's something else in this story that's interesting, not least because it's not explicit. The Belgian sources for this story have revealed that "plans and a photograph" were found on a computer. Assuming the laptop did indeed belong to the terrorists, that means one of two things: either the system did not use encryption at all, or that it was possible to bypass the protection. In either case, it looks like this is yet another demonstration that things are not "going dark" when it comes to terrorism, despite continued claims to the contrary.

Given how details about the attackers are coming through very sporadically, it can be hard to see the bigger picture. To address that issue, the German journalist Sascha Lobo has pulled together all the information he could find about lethal terrorist attacks carried out by Islamists over the last two years in Europe. Specifically, these were the attack on the Jewish Museum in Brussels in May 2014; the Paris attack on Charlie Hebdo and a Jewish supermarket in 2015; the attack on a cultural center and synagogue in Copenhagen in 2015; the second attack in Paris in November last year; and the recent attacks in Brussels.

All 15 identified attackers were on terror warning lists or "Islamist instigator" lists in at least one European country. In addition, most were on other lists, such as no-fly lists. All 15 had been classified as violence-prone. 14 had known contacts with other radical Islamists (one of them was apparently radicalized only via the Internet). Twelve had taken trips to the "Islamic State" in Syria, or to al-Qaida in Iraq or Yemen. Ten had criminal records, most of them for violent crimes.

This is not a terrifying world where things are "going dark" for the authorities. This is not a situation where strong crypto made it impossible to know who was doing what. This is a world of persistent failure by the intelligence agencies and police to use the information they already had at their disposal. This is a world that wants to shift the blame to evil encryption, rather than admit that mass surveillance doesn't work, and is the wrong approach. Lobo offers a plausible explanation why this is still happening, despite the manifest inability of blanket snooping to spot obvious connections and use them to stop attacks:

Comprehensive surveillance appears as seemingly inexpensive because it is a solution that scales thanks to technology: troubleshooting at the press of a button. Directly linked with the aim of saving more and more, just as with the State in general. But classic investigative work, which is proven to work, is expensive and labor intensive. This leads to a failure by the authorities because of a faith in technology that is driven by economics.

In other words, it's much cheaper to call for even more automated mass spying than to address the problem properly by bringing in more trained personnel to carry out targeted surveillance of people who are known threats.

Reader Comments

It is already painfully apparent that mass surveillance isn't working. Despite being granted all sorts of avenues to access individual data, terrorist incidents are still happening.

As is noted here, it's not that they don't have the data nor that they don't know who is likely to be a threat. It's simply that they aren't going for the one's they know with the intent to eliminate the threat.

So it comes down to a failure of the security branches to act on what they already know. Opening up encryption with backdoors isn't going to work or save the people. It's not a matter of data acquisition, it's a matter of failure on the parts of those agencies responsible to use the data they already have.

No amount of increasing data will cure this. They are not using the data they already have so more isn't going to help. What we are not seeing is the changing of methods to something that does work, instead of increasingly going for those that don't. As usual, scapegoating is at play but will only work so long and people questioning the need to open up security of encryption shows that the scapegoating isn't working as well any more.